Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhance UX for SAST and SCA - lua and rust #45

Merged
merged 5 commits into from
Jun 26, 2023
Merged

Enhance UX for SAST and SCA - lua and rust #45

merged 5 commits into from
Jun 26, 2023

Conversation

saisatishkarra
Copy link
Collaborator

@saisatishkarra saisatishkarra commented Jun 22, 2023
edited
Loading

  • Shared action for Rust Lint and SCA only on directory path:

    • Report Grype CVE SCA results to GitHub Code Scanning for public repositories
    • Report Grype CVE SCA results to workflow artifact and console log for private repositories
    • Report Rust Clippy Linting results as GitHub PR annotations and GitHub status check for commit

  • Shared action for Lua check Lint and SCA

    • Report Lua check results as GitHub PR annotations and Github status check for commits using Junit XML
    • SCA: No support yet

  • Shared SEMGREP action for SAST across `all supported languages

    • Auto-detect languages for the repository while scanning
    • Optional additional config ruleset can be provided as input
    • Report Semgrep SAST results as GitHub PR annotations and GitHub status check for commits on private repositories
    • Report Semgrep SAST results to GitHub Code scanning for public repositories

Known limitations:

  • GitHub Code scanning Alerts reported by Grype SCA Code scanning check are available only in Security -> Github Code Scanning -> filter using pr:<number>
  • Luacheck / Rust clippy Reports / Results Github check results are associated with the wrong workflow instead of the actually specified workflow from where the steps are run

POC example:
Scimia/atc-router#4
https://github.com/Scimia/atc-router/security/code-scanning?query=is%3Aopen+pr%3A4

@saisatishkarra
add semgrep sast scanning
a4674a4 
non blocking lua and rust linting
@saisatishkarra saisatishkarra requested a review from a team as a code owner June 22, 2023 20:22
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@github-actions
Copy link

github-actions bot commented Jun 22, 2023
edited
Loading

Luacheck Report

1 files  1 suites   0s ⏱️
4 tests 4 ✔️ 0 💤 0
8 runs  8 ✔️ 0 💤 0

Results for commit d3d39ca.

♻️ This comment has been updated with latest results.

cjbischoffkg
cjbischoffkg previously approved these changes Jun 22, 2023
View reviewed changes
@saisatishkarra saisatishkarra changed the title WIP: Enhance UX for SAST and SCA for and lua and rust WIP: Enhance UX for SAST and SCA - lua and rust Jun 26, 2023
@saisatishkarra saisatishkarra changed the title WIP: Enhance UX for SAST and SCA - lua and rust Enhance UX for SAST and SCA - lua and rust Jun 26, 2023
@saisatishkarra saisatishkarra merged commit 94e2100 into main Jun 26, 2023
@saisatishkarra saisatishkarra deleted the refactor/sast-sca branch June 26, 2023 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vsofronievk vsofronievk vsofronievk approved these changes

@cjbischoffkg cjbischoffkg cjbischoffkg left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@saisatishkarra @vsofronievk @cjbischoffkg